CONFIG_ARM64_PTR_AUTH is not available for thedefaultarchitecture x86.
Result is shown for architecture arm64
Enable support for pointer authentication
modulename: pointer_auth.ko
configname: CONFIG_ARM64_PTR_AUTH
Linux Kernel Configuration
└─>Kernel Features
└─>ARMv8.3 architectural features
└─>Enable support for pointer authentication
In linux kernel since version 5 (release Date: 2019-03-03)
Pointer authentication (part of the ARMv8.3 Extensions) provides
instructions for signing and authenticating pointers against secret
keys, which can be used to mitigate Return Oriented Programming (ROP)
and other attacks.
This option enables these instructions at EL0 (i.e. for userspace).
Choosing this option will cause the kernel to initialise secret keys
for each process at exec() time, with these keys being
context-switched along with the process.
If the compiler supports the -mbranch-protection or
-msign-return-address flag (e.g. GCC 7 or later), then this option
will also cause the kernel itself to be compiled with return address
protection. In this case, and if the target hardware is known to
support pointer authentication, then CONFIG_STACKPROTECTOR can be
disabled with minimal loss of protection.
The feature is detected at runtime. If the feature is not present in
hardware it will not be advertised to userspace/KVM guest nor will it
be enabled. However, KVM guest also require VHE mode and hence
CONFIG_ARM64_VHE=y option to use this feature.
If the feature is present on the boot CPU but not on a late CPU, then
the late CPU will be parked. Also, if the boot CPU does not have
address auth and the late CPU has then the late CPU will still boot
but with the feature disabled. On such a system, this option should
not be selected.
This feature works with FUNCTION_GRAPH_TRACER option only if
DYNAMIC_FTRACE_WITH_REGS is enabled.
instructions for signing and authenticating pointers against secret
keys, which can be used to mitigate Return Oriented Programming (ROP)
and other attacks.
This option enables these instructions at EL0 (i.e. for userspace).
Choosing this option will cause the kernel to initialise secret keys
for each process at exec() time, with these keys being
context-switched along with the process.
If the compiler supports the -mbranch-protection or
-msign-return-address flag (e.g. GCC 7 or later), then this option
will also cause the kernel itself to be compiled with return address
protection. In this case, and if the target hardware is known to
support pointer authentication, then CONFIG_STACKPROTECTOR can be
disabled with minimal loss of protection.
The feature is detected at runtime. If the feature is not present in
hardware it will not be advertised to userspace/KVM guest nor will it
be enabled. However, KVM guest also require VHE mode and hence
CONFIG_ARM64_VHE=y option to use this feature.
If the feature is present on the boot CPU but not on a late CPU, then
the late CPU will be parked. Also, if the boot CPU does not have
address auth and the late CPU has then the late CPU will still boot
but with the feature disabled. On such a system, this option should
not be selected.
This feature works with FUNCTION_GRAPH_TRACER option only if
DYNAMIC_FTRACE_WITH_REGS is enabled.
source code:
depends
CONFIG_AS_HAS_PACCONFIG_CC_HAS_BRANCH_PROT_PAC_RET or CONFIG_CC_HAS_SIGN_RETURN_ADDRESS
CONFIG_ARM64_VHE or NOT CONFIG_KVM
CONFIG_AS_HAS_CFI_NEGATE_RA_STATE or NOT CONFIG_CC_IS_CLANG
CONFIG_DYNAMIC_FTRACE_WITH_REGS or NOT CONFIG_FUNCTION_GRAPH_TRACER
CONFIG_LD_IS_LLD or CONFIG_LD_VERSIONCONFIG_233010000 or CONFIG_CC_IS_GCC
CONFIG_GCC_VERSIONCONFIG_90100